Full Disclosure mailing list archives
RE: Comment Spam: new trends, failing counter-measures and why it's a big deal
From: "php0t" <very () unprivate com>
Date: Mon, 13 Feb 2006 18:31:46 +0100
the global solution against word recognition based challenges? If it
was like that, it would mean that there is no way anybody could make
an image generator that would change its success rate from 90% to 0%...

It's *really* *really* difficult to produce a graphic image of letters and numbers that is still recognizable to a human but can't be beaten by a good edge-detection algorithm. For instance, you can "bleed" the edges so that they're fuzzy - but then the human has a hard time telling if it's an 'i' or an 'l', or an 'h' or a 'b' (and so on).

This is kind of like the problem that you have when you get a confirmation code in SMS, and you can't tell between I's and l's etc thanks to your mobile phone's display. But that doesn't mean the problem is about verifying the person via SMS. They just need to filter / change some letters used to make it a little more obvious (and maybe balance it with longer strings).

What you're saying sounds nice, but I ask again - both of you - to post some links to some of these high success rate AI bots (preferably php's) with that algo you say is hard to beat. I'm certainly interested in this, because all this time I thought that even if there were *some* applications that could defeat *some* challenges, the Turing test was still up to the current times, but what you're telling me totally contradicts that.

Since you both mentioned these things as certain existing facts, it would be nice to get a reference to a URL (preferably more) so people could just look at it (them) and try for themselves (and naturally play around with them until they beat it - you say it's *very very* hard, I say I have yet to see it - even if it's hard, it'd be worth my time to experiment with it, others will probably agree who think this subject is interesting). Yes, I googled, I didn't get

I suppose you *could* put up a picture of something, and ask "What is this a picture of" - but then you need a sufficiently large library of images that an attacker can't just download all of them and have a human name each one once. And of course, this has the danger that a user can be left saying: "WTF? Is that an antelope or a gazelle?"....

You're right, I don't like the idea of having a database of all the possible answers, and the antelope/gazelle thing certainly got me pissed on the captcha site. When I tested it, first it was a couple of bugs (I found neither insect nor bug in the list), then it was umbrellas with an exception picture - it was more like a pain in the ass, a computer would have better luck by going through the option list :P

Eagerly waiting for examples,
php0t

PS: these are what I found on google about the subject. They're nice, but 1) they contain no code / tryout option, and some of them only focus on solving certain captchas. (as I previously said, *some* apps, *some* tests...)

http://www.comp.leeds.ac.uk/fyproj/reports/0405/Rice.pdf
http://algoval.essex.ac.uk/rep/textloc/IjdarSpecialFinal.pdf
http://bhiv.com/2005/09/30/defeating-diggs-captcha/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
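
The message's point about confirmation codes (drop the look-alike characters, then balance with longer strings) can be worked through as follows. This is an added example, not part of the original post; the confusable character set, the function names and the default length are assumptions.

```python
import math
import secrets
import string

# Assumption (constructed for this example): characters that are easy to
# confuse on a small or low-quality display.
CONFUSABLE = set("Il1O0o5S2Z8B")

FULL_ALPHABET = string.ascii_letters + string.digits  # 62 symbols
SAFE_ALPHABET = "".join(c for c in FULL_ALPHABET if c not in CONFUSABLE)


def entropy_bits(alphabet_size, length):
    """Entropy of a uniformly random code of `length` symbols."""
    return length * math.log2(alphabet_size)


def compensated_length(original_length, full=FULL_ALPHABET, safe=SAFE_ALPHABET):
    """Smallest length over `safe` that carries at least as much entropy
    as `original_length` symbols drawn from `full`."""
    target = entropy_bits(len(full), original_length)
    # The small epsilon keeps float rounding from adding a spurious symbol.
    return math.ceil(target / math.log2(len(safe)) - 1e-9)


def new_code(original_length=6):
    """Generate a code from the filtered alphabet, lengthened to compensate."""
    n = compensated_length(original_length)
    return "".join(secrets.choice(SAFE_ALPHABET) for _ in range(n))


def verify(expected, submitted):
    """Constant-time comparison; surrounding whitespace is ignored."""
    return secrets.compare_digest(expected.encode(), submitted.strip().encode())


if __name__ == "__main__":
    code = new_code(6)
    print("alphabet size:", len(SAFE_ALPHABET))
    print("code:", code, "length:", len(code))
    print("bits:", round(entropy_bits(len(SAFE_ALPHABET), len(code)), 1))
```
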